[syslog-ng] Mass text log files processing over network.
Tomasz Wrona
twr at wp.pl
Wed Sep 8 12:26:13 CEST 2010
Hello,
Could somebody point me if is it possible to configure syslog-ng to
automatic, mass, text log files processing over network?
Which version eventually support following case?
My case:
Webservers run virtual servers, which logs their own php error logs
[text files].
I want to send this logs to central log server keeping orginal
distribution based on virtual servers in the simplest way possible.
I would like to have something like this virtual setup:
#*** Client config ***#
source s_php {
# Wildcard match [only for commercial edition?] and TAG it somehow:
file("/var/log/php/*-error.log" follow_freq(1) flags(no-parse)
TAG("$FILENAME: "));
# eventually manual config for each file if above not possible:
file("/var/log/php/service1-error.log" follow_freq(1) flags(no-parse)
log_prefix("service1: "));
file("/var/log/php/service2-error.log" follow_freq(1) flags(no-parse)
log_prefix("service2: "));
};
destination d_collector_php { udp("collector" port(5501)); };
log { source(s_php); destination(d_collector_php); };
#*** Collector Server config ***#
source s_network_php {
udp(ip(0.0.0.0) port(5501));
};
# Can I split log stream using MACRO based on custom information send in
log [or syslog header]?
destination d_php {
file("/var/log/hosts/webservers/php/$HOST/$YEAR$MONTH$DAY/$TAG.log"); };
# or maybe:
destination d_php {
file("/var/log/hosts/webservers/php/$HOST/$YEAR$MONTH$DAY/$log_prefix.log");
};
log { source(s_network_php); destination(d_php); };
Regards
Tom
More information about the syslog-ng
mailing list